Abiquo Chef Integration Guide

Chef Integration Prerequisites

Chef is an infrastructure automation product that uses configuration recipes. The Abiquo Chef Integration allows you to deploy a virtual machine that will then configure itself using Chef recipes and roles. To run Chef you will need:

  1. Chef server (hosted Chef or your own server) with recipes. For public cloud regions, hosted Chef is preferred
  2. Time synchronization between servers and hypervisors
  3. Linux VMs
  4. Compatible templates
    1. private cloud: cloud-init
    2. AWS/Packet: user data
    3. other public cloud: SSH access  

 

Chef concepts

Naturally the best introduction to Chef is the Chef documentation: https://docs.chef.io

But here is a quick guide to Chef concepts for users of Abiquo.

  • You will need a Chef user to log in to the GUI of the Chef server and add roles and recipes, etc.
  • The Abiquo Chef Integration uses a validator client to create nodes and an admin client to synchronize the runlists. See https://docs.chef.io/chef_client.html
  • Your VM will be a Chef client (obtaining runlists) and a Chef node (configuring itself from a runlist).  See https://docs.chef.io/nodes.html

 

Your Virtual Machine on the Chef Server

The Abiquo Chef Integration will register your virtual machine as a Node and as a Client on the Chef Server.

Node list showing VM

Client list showing VM

Configure Abiquo Chef Integration

The following sections will guide you through the configuration of Abiquo Chef Integration.

Enterprise Configuration


Privilege: Manage enterprises

To use Chef features, your enterprise must have a Chef server (either a standalone server or an account on the hosted Chef server). There must be network access between your virtual machines and your Chef server. And the Chef server must have a list of cookbooks and/or roles that will be available for the virtual machines.

Chef Entities on Hosted Chef

You will need to enter the admin client and the validator client details in the enterprise.

Chef Admin Client

On the Clients tab, open the Create page and enter the name of the client. Download the private key (.pem) file. Then go to the Groups tab and Edit the Admins group to add the new client. 




Chef Validator Client

The validator client is the Organization's validator. To obtain the private key for the organization, go to the Organizations tab and click Regenerate validation key. By default the name of this key will be organizationname-validator.pem.




Chef Roles  

Load Chef roles into your hosted Chef account.



Chef Cookbooks

Load Chef cookbooks into your hosted Chef account.



 

Enable Chef for an Abiquo Enterprise

Go to Users view and edit the enterprise, and open the Chef tab. Enter the details and click Save.


| Field | Explanation |
|---|---|
| Enable Chef | Tick this checkbox to enable Chef |
| Server URL | Enter the URL of the Chef Server API |
| Validator Client | The validator client is used to create nodes. You must use the name of the validator client on the Chef server |
| Validator Certificate | The validator certificate, which may be stored in a file called organization-validator or validation.pem |
| Admin Client | This must be a Chef admin client on the Chef server. The Abiquo Server will use it to work with the Chef Server |
| Admin Certificate | The admin client certificate, which may be stored in a file called adminclient.pem |

Now the enterprise is ready to deploy virtual machines and automate software installation with Chef.

 

Virtual Machine Templates for Chef

For Chef in private cloud, you must use cloud-init templates and select cloud-init as the Guest setup method. Abiquo requires cloud-init version 0.7.9 or above. 

In public cloud, for AWS or Packet, use templates that support the provider's user-data mechanism. For other providers, use templates that allow SSH access. You do not need to mark cloud-init as the Guest setup method.

You can include Chef in the name and description of the virtual template and choose the "Chef" category.

Privilege: Manage VM templates from the Apps library

Edit the Chef Virtual Machine

To create VMs for use with Chef, drag and drop the appropriate templates to the virtual appliance in the usual way and save.

To create the Chef runlist, edit the VM and open the Chef tab to see the Roles available from the Chef Server of the user's enterprise.

Select the desired roles. You will see them in the Selected components pane.

To see Recipes (components of cookbooks), mark the Show individual components checkbox.

Now you will see both recipes and roles. You can select any combination of these, including recipes from roles you already selected. The selected components will be added to the Selected components pane to form the runlist in the order of selection. Use the slider button to move from page to page.

Set the run order by clicking the pencil edit button and changing the order.

Configure Chef Attributes

The platform passes Chef attributes to Chef for your recipes. You can find lists of attributes in the Chef recipe configuration files. See https://docs.chef.io/nodes.html  

  1. Edit the VM and go to Chef → Attributes
  2. Enter the attributes, which are the parameters for each recipe, in JSON format. 
    • The Chef attributes must be enclosed in "{ }". You must enter a valid JSON document; Abiquo will validate that it is valid JSON
    • Abiquo does not validate the attributes themselves, so check them carefully
  3. Click Save, which will save the entire VM configuration
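
A pre-check to run on the attributes document before entering it in the Attributes tab, added here as an example (it is not Abiquo or Chef code). It covers what a JSON well-formedness check does not: a top level that is not an object, duplicate keys that a JSON parser silently collapses, and secret-looking values that would travel to the node as plaintext attributes. The key-name pattern and the sample cookbook attributes are assumptions.

```python
import json
import re

# Assumed heuristic: attribute names that usually hold credentials.
SECRET_KEY = re.compile(
    r"(passw(or)?d|passphrase|secret|token|api[_-]?key|private[_-]?key)", re.I)

def check_chef_attributes(text):
    """Return a list of problems found in a Chef attributes JSON document."""
    problems = []

    def track_pairs(pairs):
        # json.loads keeps only the last duplicate; record it before it is lost.
        seen = set()
        for key, _ in pairs:
            if key in seen:
                problems.append(f"duplicate key: {key!r}")
            seen.add(key)
        return dict(pairs)

    try:
        doc = json.loads(text, object_pairs_hook=track_pairs)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object enclosed in { }"]

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                here = f"{path}.{key}" if path else key
                if SECRET_KEY.search(key) and isinstance(value, str) and value:
                    problems.append(f"plaintext secret-like attribute: {here}")
                walk(value, here)
        elif isinstance(node, list):
            for index, item in enumerate(node):
                walk(item, f"{path}[{index}]")

    walk(doc, "")
    return problems

# Constructed sample; cookbook and attribute names are invented for illustration.
SAMPLE = """{
  "apache": {"listen_ports": [80, 443], "listen_ports": [8080]},
  "mysql": {"server_root_password": "changeme", "bind_address": "127.0.0.1"}
}"""

if __name__ == "__main__":
    print("\n".join(check_chef_attributes(SAMPLE)) or "no problems found")
```

An empty result means the document is a single JSON object with no duplicate keys and no attribute flagged by the name pattern; it says nothing about whether the recipes accept those attributes.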

Run chef-client periodically

When Abiquo deploys virtual machines, the chef-client is not configured to run periodically. So changes in the Chef configuration applied after the VM is deployed are not reflected in the VM itself.

To request updated recipes from the Chef Server, run the Chef client at regular intervals. To do this, you could use a cron recipe as part of your Chef configuration on the VM.

Chef Virtual Machine Deployment

When the virtual machine is deployed and booted, the chef-client will register the virtual machine as a managed node. Once this is done, it will download and install the selected recipes.

Live Recipe Updates

It is easy to change the recipes in a virtual machine, and this can be done live with the virtual machine running. Just select the virtual machine in Abiquo, edit it again, and check or uncheck recipes as desired. If the chef-client is set up to run periodically, when it runs, it will update the virtual machine. 

Component List

If the virtual machine is not deployed, then it does not exist yet and there is no node on the Chef Server for that virtual machine. So the component list will show all available roles and recipes, allowing the user to select the required ones.

If the virtual machine is deployed, then it exists (even if it is stopped) and the node for this machine also exists on the Chef Server. The component list will then show the available recipes, with the recipes in the run list for that node selected, so it always reflects the real recipe state for the virtual machine.

If someone updates the node directly in the Chef Server management console, Abiquo will detect this change and always display the right information.

Troubleshooting

Please see Troubleshooting Abiquo Chef Integration

Copyright © 2006-2022, Abiquo Holdings SL. All rights reserved